We are receiving below alert in opsgenie, So please suggest how to do basic checks and fixing the issue
Labels
alertname = KubeClientCertificateExpiration
cluster = cluster.example.com
job = apiserver
prometheus = openshift-monitoring/k8s
severity = warning
Annotations
message = Kubernetes API certificate is expiring in less than 7 days.
Thanks in advance
Ravi kumar G
This could be because Kubernetes API Server Client certificate is expiring. This is the certificate that Kubernetes API Server uses to talk to kubelet.
You could verify this by capturing network traffic on the kubelet https port using tcpdump and analyzing the tcp handshakes using wireshark (filter "tls.handshake.client_cert_vrfy.sig") and inspecting the client certificates.
Also check if there is any pending csr by kubectl get csr --sort-by='{.metadata.creationTimestamp}
' and approve them using kubectl certificate approve csrname